aurora-is-near / aurora-engine

⚙️ Aurora Engine implements an Ethereum Virtual Machine (EVM) on the NEAR Protocol.
https://doc.aurora.dev/develop/compat/evm

Supporting EIP-196 (elliptic curve `alt_bn128`) #409

Open 0x3bfc opened 2 years ago

0x3bfc commented 2 years ago

Description

One of our partners is asking for zkSNARK precompile contract support. The alt_bn128 precompile is needed in order to proceed with his zkSNARK app/protocol(s). More details can be found in EIP-196 and EIP-197.

Motivation

snjax commented 2 years ago

Related PR in NEAR is https://github.com/near/nearcore/pull/3971. Currently, it is WIP.

andrcmdr commented 2 years ago

Hm... If I understand correctly, zero-knowledge proof verification should be implemented using the alt_bn128 elliptic curve, to support confidential transactions. The former tinysnark (now https://github.com/ebfull/hackishlibsnarkbindings) libsnark bindings can be used to implement that, if they fit well (for a standalone engine for sure, but practically I am not sure about compiling libsnark into WASM or using it as a binary blob from the WASM code of the engine contract on NEAR - cc @joshuajbouw, @birchmd, @mrLSD): https://github.com/ebfull/hackishlibsnarkbindings/blob/master/src/lib.rs#L57

Example of an implementation I found for the former Parity node: https://github.com/gancherj/parity/commit/b820abf755e216ccf24640549735412ec02dac62#diff-d3c7f08c14ccf9138a1f95de4e78c1a5164026a0127a5f8c1ec4a0619e72ca61R105

Example of usage in a contract (mixer in this case, babyzoe uses Parity node): https://github.com/zcash-hackworks/babyzoe/blob/master/zoe/contract/mixer.sol#L2 https://github.com/zcash-hackworks/babyzoe/blob/master/zoe/contract/mixer.sol#L10 https://github.com/zcash-hackworks/babyzoe/blob/master/zoe/contract/mixer.sol#L83

andrcmdr commented 2 years ago

> If I understand correctly, zero-knowledge proof verification should be implemented with usage of alt_bn128 elliptic curve, to support confidential transactions.

Ah... right... to support confidential transactions and zk proof verification from their, the partner's, side... now it's clear. alt_bn128 support is already implemented. But... support for zk proof verification as a precompile in the engine - this may be an interesting case, nevertheless!

joshuajbouw commented 2 years ago

We need to implement it as a precompile on NEAR. Way too expensive through Aurora.
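
For reference, the input handling that EIP-196 specifies for the ECADD precompile (address 0x06) requested in this issue, as an added example that is not code from this thread, Aurora Engine or nearcore: zero-padding to 128 bytes, rejecting coordinates that are not below the field modulus, and rejecting points that are not on the curve. The function names are this example's own, and it uses plain affine arithmetic with no gas metering or constant-time guarantees.

```python
# Added example: EIP-196 ECADD input validation and point addition.
# Names (decode_point, add, ecadd) are illustrative, not from any project.
P = 21888242871839275222246405745257275088696311157297823662689037894645226208583
B = 3            # alt_bn128 G1 curve: y^2 = x^3 + 3 over F_P
INF = (0, 0)     # EIP-196 encodes the point at infinity as (0, 0)


def decode_point(data: bytes):
    """Parse one 64-byte big-endian (x, y) pair; raise on invalid input."""
    x = int.from_bytes(data[:32], "big")
    y = int.from_bytes(data[32:64], "big")
    if x >= P or y >= P:
        raise ValueError("coordinate is not a reduced field element")
    if (x, y) != INF and (y * y - x * x * x - B) % P != 0:
        raise ValueError("point is not on alt_bn128")
    return (x, y)


def add(p1, p2):
    """Affine addition, covering infinity, doubling and inverse points."""
    if p1 == INF:
        return p2
    if p2 == INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p2 == -p1
            return INF
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ecadd(data: bytes) -> bytes:
    """ECADD: short input is zero-padded on the right, surplus bytes ignored."""
    data = data[:128].ljust(128, b"\x00")
    x, y = add(decode_point(data[:64]), decode_point(data[64:]))
    return x.to_bytes(32, "big") + y.to_bytes(32, "big")
```

A call that raises `ValueError` here corresponds to the precompile call failing in EIP-196; skipping either check lets a caller feed the verifier points outside the group.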